<?php
/**
 * Created by PhpStorm.
 * User: admin
 * Date: 2017/12/8
 * Time: 19:32
 * 管理员用户登录验证
 */
//加载后台全局调用类文件
require_once("admin_global.php");

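// Admin login handler: runs only when the login form was submitted.
// Flow: normalise input -> check and consume the CAPTCHA -> verify the
// credentials -> check the account is enabled -> start the authenticated session.
// $db is expected to be provided by admin_global.php (not visible here).
if(isset($_POST['submit'])){
    // Read the form fields. A missing or non-string field (e.g. username[]=x)
    // becomes '' so trim()/strip_tags() never receive an array or null.
    $userName=(isset($_POST['username'])&&is_string($_POST['username']))?$_POST['username']:'';
    $userPassword=(isset($_POST['password'])&&is_string($_POST['password']))?$_POST['password']:'';
    $code=(isset($_POST['code'])&&is_string($_POST['code']))?$_POST['code']:'';

    // Legacy input normalisation, kept so existing accounts still match.
    // NOTE(review): addslashes() is not aware of the connection charset and is
    // not a substitute for bound parameters; if the $db wrapper offers prepared
    // statements or a driver-level escape, the SELECT below should use it.
    $userName=addslashes(htmlspecialchars(strip_tags(trim($userName))));
    // NOTE(review): this chain rewrites the password text before hashing, and the
    // default htmlspecialchars() flags changed in PHP 8.1 (single quotes are now
    // encoded). It is kept because the stored hashes were presumably produced the
    // same way - confirm before changing.
    $userPassword=addslashes(htmlspecialchars(strip_tags(trim($userPassword))));
    // The CAPTCHA answer is only compared, never placed in SQL or HTML, so it
    // needs trimming and case-folding only.
    $code=strtolower(trim($code));

    // Check the CAPTCHA before touching the credentials, and consume it on every
    // attempt. Checking it first means the credential result is never revealed
    // without a solved CAPTCHA; unsetting it means one solved value cannot be
    // reused for further attempts. An empty or missing session value never matches.
    // Presumably login.php issues a fresh CAPTCHA on each load - confirm.
    $captchaCode=(isset($_SESSION['captchaCode'])&&is_scalar($_SESSION['captchaCode']))
        ?strtolower((string)$_SESSION['captchaCode'])
        :'';
    unset($_SESSION['captchaCode']);

    if($code===''||$captchaCode===''||$code!==$captchaCode){
        echo "<script>alert('验证码错误！');location.href='login.php';</script>";
    }else{
        // NOTE(review): unsalted SHA-1 is not a suitable password hash. Moving to
        // password_hash()/password_verify() requires migrating the stored
        // userPassword values, so the scheme is left unchanged here.
        $userPassword=sha1($userPassword);

        // Look up the account by user name and password hash.
        $sql="SELECT * FROM admin WHERE userName='$userName' AND userPassword='$userPassword' LIMIT 1";
        $query=$db->query($sql);
        $result=$db->fetch_array($query);
        if($result!=null){
            // Reject accounts that are disabled.
            if($result['userEnabled']==1){
                // Issue a new session id at the privilege change so an id that
                // was set before login cannot be carried into the admin session.
                if(session_status()===PHP_SESSION_ACTIVE){
                    session_regenerate_id(true);
                }

                // Store the authenticated identity in the session.
                $_SESSION['uid']=$result['userID'];
                $_SESSION['userName']=$result['userName'];
                // Kept byte-identical: presumably other admin pages recompute and
                // compare this value. NOTE(review): it is derived from the stored
                // password hash plus a fixed suffix.
                $_SESSION['shell']=sha1($result['userName'].$result['userPassword']."PSY");
                $_SESSION['userType']=$result['userType'];

                // Record the last login time and IP for THIS account only. The
                // original statement had no WHERE clause and overwrote every row
                // in the admin table.
                $recentLoginTime=time();
                $recentLoginIP=$db->getip();
                // getip() is defined elsewhere; if it reads client-supplied headers
                // the value is untrusted, so only a syntactically valid IP address
                // is written into the statement.
                if(!is_string($recentLoginIP)||filter_var($recentLoginIP,FILTER_VALIDATE_IP)===false){
                    $recentLoginIP='';
                }
                $userID=addslashes((string)$result['userID']);
                $sql="UPDATE admin SET recentLoginTime='$recentLoginTime',recentLoginIP='$recentLoginIP' WHERE userID='$userID'";
                $query=$db->query($sql);

                // Redirect to the admin home page.
                echo "<script>location.href='index.php';</script>";
            }else{
                echo "<script>alert('用户被禁用！');location.href='login.php';</script>";
            }
        }else{
            echo "<script>alert('用户名密码错误！');location.href='login.php';</script>";
        }
    }
}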